Re: [swinog] UCEProtect Blacklist (Update)

2007-11-13 Thread Per Jessen
Markus Wild wrote:

 UCE Protect is one of those lists who suffer from a very odd sense of
 reality.. whoever uses that list to protect his mail servers must be
 aware that he'll get a lot of false positives (i.e. valid mail won't get
 thru). 

No-one is likely to use uceprotect level3 to block emails, but they
might very well use it for scoring. 


/Per Jessen, Herrliberg

-- 
http://www.spamchek.com/ - your spam is our business.

___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog


Re: [swinog] UCEProtect Blacklist (Update)

2007-11-13 Thread Stanislav Sinyagin
 No-one is likely to use uceprotect level3 to block emails, but they
 might very well use it for scoring. 
 
 
 /Per Jessen, Herrliberg

Every AS with residential broadband users in it will easily get into that list,
so what's the value of it?






RE: [swinog] UCEProtect Blacklist -- join the club

2007-11-07 Thread Per Jessen
Charles Buckley wrote:

 And then there is SORBS, which the ETH use, who have chosen to put the
 shared server I use for mail on a blacklist for some reason.

mail.mauto.com is indeed listed by sorbs - I would check that your
server hasn't been compromised.  Look for traces of an ssh brute force
attack perhaps. 

 Everyone is going crazy about security, so you're likely to see a
 proliferation of providers offering to maintain blacklists, who will
 do it badly.

There is already plenty of such lists - I don't think the number is
likely to grow an awful lot.

 Much better would be to let the users determine what is spam and what
 is not, getting the ISP out of the role of having to play judge on a
 topic they don't master.

Nah, leave the spam-filtering to us :-)
The user and the ISP both have better things to do.



/Per Jessen, Herrliberg

-- 
http://www.spamchek.com/ - your spam is our business.



RE: [swinog] UCEProtect Blacklist -- join the club

2007-11-07 Thread Daniel Kamm
On Wed, 2007-11-07 at 10:54 +0100, Per Jessen wrote:

<commercial>

 Nah, leave the spam-filtering to us :-)
 The user and the ISP both have better things to do.

</commercial>

:-D
 - Dan



RE: [swinog] UCEProtect Blacklist -- join the club

2007-11-07 Thread Per Jessen
Per Jessen wrote:

 Charles Buckley wrote:
 
 And then there is SORBS, which the ETH use, who have chosen to put
 the shared server I use for mail on a blacklist for some reason.
 
 mail.mauto.com is indeed listed by sorbs - I would check that your
 server hasn't been compromised.  Look for traces of an ssh brute force
 attack perhaps.

Uh, sorry - I overlooked that you said shared.  Well, according to
SORBS, the server got listed because mail was sent to a spamtrap on 13
August.  It could be one of your co-sharers ...  if I were you, I'd
talk to q-x.ch, and ask them what they're doing about it.



/Per Jessen, Herrliberg

-- 
http://www.spamchek.com/ - your spam is our business.



RE: [swinog] UCEProtect Blacklist -- join the club

2007-11-07 Thread Charles Buckley
I'm far ahead of you -- I already knew all this, and have done all the right
steps.  The server uses strictly SMTP_AUTH; it has not been compromised
beyond the account details of the spammer being circulated.  

The provider moved instantaneously to identify the offender and kick them
out.  The compromised SMTP account is now closed.  But, just as Sunrise,
they are not willing to pay the fee to SORBS to change the status on the
list.  Instead, they have offered to set up a SMART host for me, but that
hasn't happened yet.  

Perhaps this would be a good insurance line -- insuring against Rufmord from
all these neighbourhood network grannies.  But I somehow feel that dealing
with the insurance Bürokraten would be worse than dealing with these issues
by finding ways to protect from SPAM that don't involve hiring a bunch of
self-appointed busybodies to strategically misinterpret actions and
blackmail money out of people who add value by creating arbitrary sets of
losers.  Are we talking about mature individuals here?

The ETH should know better than to be using such people anyway -- I have
informed them of the problem.

Charles

-Original Message-
From: Per Jessen [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, November 07, 2007 12:03 PM
To: swinog@lists.swinog.ch
Subject: RE: [swinog] UCEProtect Blacklist -- join the club

Per Jessen wrote:

 Charles Buckley wrote:
 
 And then there is SORBS, which the ETH use, who have chosen to put
 the shared server I use for mail on a blacklist for some reason.
 
 mail.mauto.com is indeed listed by sorbs - I would check that your
 server hasn't been compromised.  Look for traces of an ssh brute force
 attack perhaps.

Uh, sorry - I overlooked that you said shared.  Well, according to
SORBS, the server got listed because mail was sent to a spamtrap on 13
August.  It could be one of your co-sharers ...  if I were you, I'd
talk to q-x.ch, and ask them what they're doing about it.



/Per Jessen, Herrliberg

-- 
http://www.spamchek.com/ - your spam is our business.



Re: [swinog] UCEProtect Blacklist -- join the club

2007-11-07 Thread Fabian Wenk

Hello Charles

Charles Buckley wrote:

The ETH should know better than to be using such people anyway -- I have
informed them of the problem.


At ETH Zurich it depends on which subdomain you are sending 
e-mail to, because some departments run their own mail server with 
their own policies.


But I guess most others depend on the mail service provided by 
Informatikdienste (ID). I once had a chance to attend a 
presentation of their mail setup (especially the MX hosts with the 
spam and virus filtering) and therefore I know that they are using 
a few DNS blacklists to drop mail during the SMTP communication. But I 
don't remember which. Contacting the postmaster at ethz.ch should 
help.



bye
Fabian


RE: [swinog] UCEProtect Blacklist -- join the club

2007-11-07 Thread Daniel Kamm
On Wed, 2007-11-07 at 12:29 +0100, Charles Buckley wrote:
 The provider moved instantaneously to identify the offender and kick them
 out.  The compromised SMTP account is now closed.  But, just as Sunrise,
 they are not willing to pay the fee to SORBS to change the status on the
 list. 

As an ISP you don't have to pay a fee for delisting at SORBS. Simply mail
to [EMAIL PROTECTED] and tell them your ASN. Without ASN your mail
will be dropped.

Cheerio
 - Dan



RE: [swinog] UCEProtect Blacklist -- join the club

2007-11-06 Thread Charles Buckley
And then there is SORBS, which the ETH use, who have chosen to put the
shared server I use for mail on a blacklist for some reason.

Everyone is going crazy about security, so you're likely to see a
proliferation of providers offering to maintain blacklists, who will do it
badly.  

Much better would be to let the users determine what is spam and what is
not, getting the ISP out of the role of having to play judge on a topic they
don't master.


-Original Message-
From: Per Jessen [mailto:[EMAIL PROTECTED] 
Sent: Saturday, November 03, 2007 4:54 PM
To: swinog@lists.swinog.ch
Subject: Re: [swinog] UCEProtect Blacklist

Xaver Aerni wrote:

 Why is unprofessional,
 UCEprotect is blocking AS I think this isn't professional. 

Actually, UCEprotect is not blocking anything.  They only provide the
means for other people to do so.  Anyone who uses UCEprotect level3
has been duly warned. 


/Per Jessen, Herrliberg

-- 
http://www.spamchek.com/ - your spam is our business.



Re: [swinog] UCEProtect Blacklist

2007-11-04 Thread Peter Keel
* on the Sat, Nov 03, 2007 at 02:00:15PM +0100, Per Jessen wrote:
 I would be interested to know why you find UCEprotect to be unreliable
 and unprofessional?  

Because of their delisting-procedure. How many networks will end 
up in there which have been sending spam at some time, but haven't 
ever sent spam since then, because their admins fixed the problem,
or the net got reassigned or whatever? And maybe their admins didn't
even know they're on uceprotect, or the new admins don't know or 
whatever? 

Every blacklist who does not delete the listings automatically will 
end up eventually with a huge mass of false positives, which 
indicates a failure of the system. 

With UCEprotect, I estimate about 30% of their entries being 
listed are such false positives, and this will of course rise
and rise.. 

Cheers
Seegras
-- 
Those who give up essential liberties for temporary safety deserve 
neither liberty nor safety. -- Benjamin Franklin


Re: [swinog] UCEProtect Blacklist

2007-11-04 Thread Per Jessen
Peter Keel wrote:

 * on the Sat, Nov 03, 2007 at 02:00:15PM +0100, Per Jessen wrote:
 I would be interested to know why you find UCEprotect to be
 unreliable and unprofessional?
 
 Because of their delisting-procedure. How many networks will end
 up in there which have been sending spam at some time, but haven't
 ever sent spam since then, because their admins fixed the problem,
 or the net got reassigned or whatever? 

UCEprotect level1 and -2 both include automatic delisting.  Only level3
does not seem to have automatic delisting.  

 With UCEprotect, I estimate about 30% of their entries being
 listed are such false positives, and this will of course rise
 and rise..

I ran some stats on our traffic (we use UCEprotect 1,2,3) for all
of October - false positives per level:

level1 = 0.75%
level2 = 2.06%
level3 = 0.96%  (we have been using level3 experimentally for the last
third of October)

false positive = non-spam email sent by levelX listed server.


Per Jessen

-- 
http://www.spamchek.com/ - your spam is our business.



Re: [swinog] UCEProtect Blacklist

2007-11-04 Thread Per Jessen
Xaver Aerni wrote:

 It is possible that in international traffic you have fewer false positives.
 But here in Switzerland up to 30% false-positive mails are possible.
 

Hello Xaver

I have not looked at how much traffic we have coming from Sunrise (for
example), but you're right - if we had lots of Sunrise traffic, we
would also see more FPs from UCEprotect level3.  From our point of
view, it wouldn't change much as we only allocate 0.4 points for a
level3 hit. 

I don't have any stats on how much international vs. how much Swiss
traffic we have.  Interesting question - I'll have to look into that.


/Per Jessen, Herrliberg

-- 
http://www.spamchek.com/ - your spam is our business.
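
Added example (not part of the thread, and not spamchek's or UCEprotect's code): the difference between rejecting on any single DNSBL hit and scoring, using the 0.4-point level3 weight mentioned in the message above. The zone names, the other weights, the threshold and the DNS answers are constructed assumptions.

```python
import ipaddress
import socket

# Zone names are placeholders. Only the 0.4 weight for the AS-level list comes
# from the thread; the other weights and the threshold are assumptions.
ZONE_WEIGHTS = {
    "level1.dnsbl.example": 2.0,  # single-IP listings (assumed weight)
    "level2.dnsbl.example": 1.0,  # subnet listings (assumed weight)
    "level3.dnsbl.example": 0.4,  # whole-AS listings (weight quoted above)
}
SPAM_THRESHOLD = 5.0  # assumed cut-off for rejecting a message
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")

def dnsbl_query_name(ip, zone):
    """Build the DNSBL query name: reversed octets (IPv4) or nibbles (IPv6)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")
    else:
        labels = list(addr.exploded.replace(":", ""))
    return ".".join(reversed(labels)) + "." + zone

def system_resolve(name):
    """Live A-record lookup; NXDOMAIN (not listed) becomes an empty list."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def listed_zones(ip, resolve=system_resolve):
    """Zones that list `ip`. Only 127.0.0.0/8 answers count as a listing, so a
    wildcarded or parked zone cannot silently list every sender."""
    hits = []
    for zone in ZONE_WEIGHTS:
        answers = resolve(dnsbl_query_name(ip, zone))
        if any(ipaddress.ip_address(a) in LISTED_NET for a in answers):
            hits.append(zone)
    return hits

def verdict(ip, content_score, resolve=system_resolve):
    """Return (total_score, scoring_decision, block_on_any_hit_decision)."""
    hits = listed_zones(ip, resolve)
    total = content_score + sum(ZONE_WEIGHTS[z] for z in hits)
    scoring = "reject" if total >= SPAM_THRESHOLD else "accept"
    blocking = "reject" if hits else "accept"
    return total, scoring, blocking

# Constructed DNS answers (documentation address space) standing in for a resolver.
SAMPLE_DNS = {
    "4.2.0.192.level3.dnsbl.example": ["127.0.0.2"],    # clean host in a listed AS
    "10.100.51.198.level1.dnsbl.example": ["127.0.0.2"],
    "10.100.51.198.level2.dnsbl.example": ["127.0.0.2"],
    "10.100.51.198.level3.dnsbl.example": ["127.0.0.2"],
    "9.2.0.192.level1.dnsbl.example": ["203.0.113.7"],  # not a listing answer
}

def sample_resolve(name):
    return SAMPLE_DNS.get(name, [])
```

With the constructed data, a clean sender that is only caught by the AS-level list is accepted under scoring but rejected by a block-on-any-hit policy.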



Re: AW: [swinog] UCEProtect Blacklist

2007-11-03 Thread Marco Meile
I don't think that.

If you pay money for delisting, you can wait for a while and you are
listed again.
The problem is the dynamic IP subnets: if too many of the customers are
infected with spambots,
the subnet gets listed again, and if 2 or 3 subnets in an AS are listed,
the whole AS gets listed...

So the only way for Sunrise, I think, is to create its own AS for all dynamic
ranges and one for fixed/business ranges...

Regards

Marco

Xaver Aerni wrote:
 Hello,
 This is the problem: Sunrise won't pay money. And they want to make money.
 I think the best way is to remove UCEProtect.net level 3 from your
 blacklist. 
 Greetings
 Xaver 

   
 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] On behalf of Marco Meile
 Sent: Friday, 2 November 2007 21:47
 To: [EMAIL PROTECTED]
 Subject: [swinog] UCEProtect Blacklist

 Hi there

 We have some problems with the UCEProtect.net blacklist.
 It lists some subnets and ASes of our customers which don't send spam...
 e.g. AS6730 (Sunrise): a lot of our customers using this 
 provider have problems with e-mail services.
 But real spammers are not listed :D

 Maybe the blacklist adds some subnets of big companies, because 
 for delisting you need to pay some money...

 dnsstuff.com uses this blacklist in its lookup tool; I don't 
 know how many providers are using this list.

 Does anyone there know more about this blacklist?
 The service is provided by admins.ws
 and for the fun try www.admins.ws/../../etc/passwd


 Marco


   


-- 
For list-off Contact use: silicium (-at-) natural-geek.org


PGP: 49F8 C29E 4F4E E438 BD69 0BCE D1DA 4B0C 7C32 C715



-BEGIN GEEK CODE BLOCK-
Version: 3.12
GCS d-- s-:- a-- C++ UL+++ P-- L+++ E--- W++ N+ o K- w-- 
O-- M V- PS+++ PE++ Y+ PGP++ t 5 X++ R tv- b+ DI-- D+ 
G++ e+ h++ r y+ 
--END GEEK CODE BLOCK--




Re: [swinog] UCEProtect Blacklist

2007-11-03 Thread Daniel Kamm
On Fri, 2007-11-02 at 21:46 +0100, Marco Meile wrote:
 We have some problems with the UCEProtect.net blacklist.

We considered UCEprotect as absolutely unreliable and unprofessional and
are ignoring listings there. And I think so are 'the big Swiss ones'.
And for sure, it's impossible to handle all those RBLs which are online.

IMO any postmaster who blocks mails upon one blacklist entry is ...
(what was that polite description of moron?) ;)

Cheers
 - Dan



Re: [swinog] UCEProtect Blacklist

2007-11-03 Thread Per Jessen
Daniel Kamm wrote:

 On Fri, 2007-11-02 at 21:46 +0100, Marco Meile wrote:
 We have some problems with the UCEProtect.net blacklist.
 
 We considered UCEprotect as absolutely unreliable and unprofessional
 and are ignoring listings there. And I think so are 'the big Swiss
 ones'. 

Hi Daniel,

I would be interested to know why you find UCEprotect to be unreliable
and unprofessional?  

 IMO any postmaster who blocks mails upon one blacklist entry is ...
 (what was that polite description of moron?) ;)

There is no shortage of incompetent postmasters and mail-admins. :-(



/Per Jessen, Herrliberg

-- 
http://www.spamchek.com/ - your spam is our business.



Re: [swinog] UCEProtect Blacklist

2007-11-03 Thread Per Jessen
Xaver Aerni wrote:

 Why is unprofessional,
 UCEprotect is blocking AS I think this isn't professional. 

Actually, UCEprotect is not blocking anything.  They only provide the
means for other people to do so.  Anyone who uses UCEprotect level3
has been duly warned. 


/Per Jessen, Herrliberg

-- 
http://www.spamchek.com/ - your spam is our business.



[swinog] UCEProtect Blacklist

2007-11-02 Thread Marco Meile
Hi there

We have some problems with the UCEProtect.net blacklist.
It lists some subnets and ASes of our customers which don't send spam...
e.g. AS6730 (Sunrise): a lot of our customers using this provider have
problems with e-mail services.
But real spammers are not listed :D

Maybe the blacklist adds some subnets of big companies, because for
delisting you need to pay some money...

dnsstuff.com uses this blacklist in its lookup tool;
I don't know how many providers are using this list.

Does anyone there know more about this blacklist?
The service is provided by admins.ws
and for the fun try www.admins.ws/../../etc/passwd


Marco


-- 
For list-off Contact use: silicium (-at-) natural-geek.org


PGP: 49F8 C29E 4F4E E438 BD69 0BCE D1DA 4B0C 7C32 C715



-BEGIN GEEK CODE BLOCK-
Version: 3.12
GCS d-- s-:- a-- C++ UL+++ P-- L+++ E--- W++ N+ o K- w-- 
O-- M V- PS+++ PE++ Y+ PGP++ t 5 X++ R tv- b+ DI-- D+ 
G++ e+ h++ r y+ 
--END GEEK CODE BLOCK--




AW: [swinog] UCEProtect Blacklist

2007-11-02 Thread Xaver Aerni
Hello,
This is the problem: Sunrise won't pay money. And they want to make money.
I think the best way is to remove UCEProtect.net level 3 from your
blacklist. 
Greetings
Xaver 

 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] On behalf of Marco Meile
 Sent: Friday, 2 November 2007 21:47
 To: [EMAIL PROTECTED]
 Subject: [swinog] UCEProtect Blacklist
 
 Hi there
 
 We have some problems with the UCEProtect.net blacklist.
 It lists some subnets and ASes of our customers which don't send spam...
 e.g. AS6730 (Sunrise): a lot of our customers using this 
 provider have problems with e-mail services.
 But real spammers are not listed :D
 
 Maybe the blacklist adds some subnets of big companies, because 
 for delisting you need to pay some money...
 
 dnsstuff.com uses this blacklist in its lookup tool; I don't 
 know how many providers are using this list.
 
 Does anyone there know more about this blacklist?
 The service is provided by admins.ws
 and for the fun try www.admins.ws/../../etc/passwd
 
 
 Marco
 
 